/**
 * Copyright (C), 2012-2018, 联奕科技有限公司
 * FileName: SsoOAuthorizationServerConfig
 * Author:   石贵武
 * Date:     2018\3\31 0031 15:10
 * Description:
 * History:
 * <author>          <time>          <version>          <desc>
 * 作者姓名           修改时间           版本号              描述
 */
package com.shiguiwu.sso.server;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * 〈一句话功能简述〉<br> 
 * 〈〉
 *
 * @author 石贵武
 * @create 2018\3\31 0031
 * @since 1.0.0
 */
@Configuration
@EnableAuthorizationServer
public class SsoOAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("shiguiwu1")
                .secret("shiguiwu1")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all")
                .and()
                .withClient("shiguiwu2")
                .secret("shiguiwu2")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all");
    }
    //生成令牌
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        /**
         * 功能描述: <br>
         * 〈生成令牌〉
         *
         * @param endpoints
         * @return:void
         * @since: 1.0.0
         * @Author:
         * @Date: 2018\3\31 0031 15:55
         */
        endpoints.tokenStore(jwtTokenStore())
                .accessTokenConverter(jwtAccessTokenConverter());

    }
    //认证服务器安全培训


    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        /**
         * 功能描述: <br>
         * 〈认证服务器的安全配置〉
         *  配置的作用是访问签名，但是一定进过身份认证
         * @param security
         * @return:void
         * @since: 1.0.0
         * @Author:
         * @Date: 2018\3\31 0031 15:55
         */
        security.tokenKeyAccess("isAuthenticated()");
    }

    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("shiguiwu");
        return converter;
    }
}